Vulmon
advancedcustomfields advanced custom fields vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
7.5
CVSSv3
CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 up to and including 6.0.2.
Advancedcustomfields Advanced Custom Fields
5.4
CVSSv3
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product ...
Advancedcustomfields Advanced Custom Fields
6.1
CVSSv3
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
Advancedcustomfields Advanced Custom Fields
1 Github repository
1 Article
8.8
CVSSv3
CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x prior to 6.1.0 and 5.x prior to 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
Advancedcustomfields Advanced Custom Fields
8.8
CVSSv3
CVE-2022-2594
The Advanced Custom Fields WordPress plugin prior to 5.12.3, Advanced Custom Fields Pro WordPress plugin prior to 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnera...
Advancedcustomfields Advanced Custom Fields
6.5
CVSSv3
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions before 5.12.1 and Advanced Custom Fields Pro versions before 5.12.1 allows a remote authenticated malicious user to view the information on the database without the access permission.
Advancedcustomfields Advanced Custom Fields
7.5
CVSSv3
CVE-2021-20865
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
6.5
CVSSv3
CVE-2021-20866
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
6.5
CVSSv3
CVE-2021-20867
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
Advancedcustomfields Advanced Custom Fields